Weekly Top Ten Cybersecurity Stories – 11.4.2022 – Innovate Cybersecurity

WEEKLY TOP TEN | NOVEMBER 4, 2022 15:53 GMT

Our Threat Operations and Intelligence team compiles a daily digest of new cybersecurity threats from around the Internet. This top 10 has been culled from the 40+ unique stories we found relevant over the week, ranked by highest risk:

SocGholish Threat Actor Compromises Hundreds of News Sites After Supply Chain Attack
https://www.bleepingcomputer.com/news/security/hundreds-of-us-news-sites-push-malware-in-supply-chain-attack/
Security Researcher Releases Patch for Abused Microsoft Mark-of-the-Web Vulnerability
https://thehackernews.com/2022/10/unofficial-patch-released-for-new.html
Emotet Botnet Activity on the Rise After Multi-month Pause
https://www.bleepingcomputer.com/news/security/emotet-botnet-starts-blasting-malware-again-after-5-month-break/
GIMP-Impersonating Website Advertised by Google Until Recently
https://www.bleepingcomputer.com/news/security/google-ad-for-gimporg-served-info-stealing-malware-via-lookalike-site/
VMware Discloses that High Severity CVE-2021-39144 Has Available Proof-of-Concept Code
https://securityaffairs.co/wordpress/137912/security/vmware-cve-2021-39144-exploit.html
W4SP InfoStealer Found in 30+ High Use PyPI Python Registries
https://www.bleepingcomputer.com/news/security/dozens-of-pypi-packages-caught-dropping-w4sp-info-stealing-malware/
Azov Malware Resembles Ransomware But Only Encrypts Data Instead
https://www.bleepingcomputer.com/news/security/new-azov-data-wiper-tries-to-frame-researchers-and-bleepingcomputer/
Cranefly Hacking Group Using Novel IIS Log Method to Perform C2
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/cranefly-new-tools-technique-geppei-danfuan
TikTok Discloses Ability for Employees to View Data of European Users
https://thehackernews.com/2022/11/new-tiktok-privacy-policy-confirms.html
CISA Releases Guidance to Harden Against Phishing and MFA Subversion
https://www.cisa.gov/uscert/ncas/current-activity/2022/10/31/cisa-releases-guidance-phishing-resistant-and-numbers-matching

Hand-Picked Top-Read Stories

Blockchain – How it Evolved from a Trending Buzzword to Protecting Data Integrity

Weekly Top 10 – 04.29.2024- Custom Exploit Tool by Russian APT Fancy Bear, Coveware Quarterly Report Released, CrushFTP Zero-day Allows Sandbox Escape, and More.

Weekly Top 10 – 04.22.2024- MITRE breach, Hackers Exploit Fortinet Flaw, UNDP investigates ransomware attack, and More.

Trending Tags

Weekly Top Ten Cybersecurity Stories – 11.4.2022

Previous Post

Weekly Top Ten Cybersecurity Stories – 10.28.2022

Next Post

Weekly Top Ten Cybersecurity Stories – 11.11.2022

The New Standard of

Cybersecurity
Education

Innovate Cybersecurity Summit

Threat Advisories

Weekly Top 10 – 04.29.2024- Custom Exploit Tool by Russian APT Fancy Bear, Coveware Quarterly Report Released, CrushFTP Zero-day Allows Sandbox Escape, and More.

Weekly Top 10 – 04.22.2024- MITRE breach, Hackers Exploit Fortinet Flaw, UNDP investigates ransomware attack, and More.

Weekly Top 10 – 04.15.2024- Google Bug Bounties, Medusa Ransomware Returns, LG Smart TVs Vulnerable, and More.

Weekly Top 10 – 04.9.2024- XZ Utils Backdoor, Vultur Banking Trojan, New Chrome Features, and More.

Weekly Top 10 – 04.2.2024- SharePoint and AMD Vulnerabilities, Password Spraying VPN Attacks, Tycoon 2FA, and More.

Education

Protecting Microsoft Teams From Data Exfiltration – A Tactical DLP Rule

Anatomy of a Data Breach

OpenAI Cybersecurity Research

Breach Report: Healthcare

Analysis of GalComm Chrome Extension Malware